WannaCrypt Ransomware Attacks – Could They Attack Application Containers?
“WannaCrypt ransomware attacks should make us wanna cry” is the CNN news headline for the worldwide ransomware attack that started last Friday (5/12). The data clearly showed that this was a very serious network attack: it affected more than 20 hospital IT systems (Britain’s NHS had to cancel surgeries), more than 100 countries, and large enterprises like Spanish firm Telefonica, Germany’s main train operator Deutsche Bahn, Russia’s Interior Ministry, China’s universities and gas stations…
From a security point of view, here are some interesting observations:
- Public clouds are doing a better job of security in this case. WannaCrypt is basically attacking Microsoft Windows vulnerabilities on SMB, RDP, IIS service ports like 445. Thousands of computers became victims. But many public cloud providers already block the unnecessary ports 445/137/138/139 by default, so virtualization technologies and network segmentation naturally helped to reduce these risks.
- Internal security has become more and more important. One of the main reasons the WannaCrypt ransomware attacks are spreading so fast is that there are fewer security protections in place for internal networks. Starting from a compromised laptop or internal VM, port scanning and attacks spread through east-west (internal) traffic. Even if gateway firewalls have the proper rules, they can’t do anything about east-west traffic because they are typically deployed for north-south (external) traffic.
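
To make the east-west point concrete, here is an added detection sketch (not code from the original article) that flags an internal host reaching many distinct internal peers on the ports named above. The flow record format, the RFC 1918 definition of "internal", the sample records and the threshold of 5 are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {445, 137, 138, 139}  # the ports named in the article
# Assumption: RFC 1918 ranges stand in for "internal" addresses.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records ("src dst dst_port"), not real traffic.
SAMPLE_FLOWS = "\n".join(
    [f"10.0.1.15 10.0.1.{h} 445" for h in range(20, 28)]      # one host, 8 peers
    + ["10.0.2.8 10.0.2.5 445"] * 3                           # normal file-server client
    + [f"10.0.3.3 10.0.3.{h} 443" for h in range(10, 20)]     # fan-out, but not SMB
    + [f"203.0.113.9 10.0.1.{h} 445" for h in range(20, 27)]  # north-south, gateway's job
    + ["truncated line", "bad-host 10.0.1.20 445"]            # malformed records
)

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on bad input
    return any(ip in net for net in INTERNAL_NETS)

def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping lines with the wrong shape."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2].isdigit():
            yield parts[0], parts[1], int(parts[2])

def find_smb_fanout(flows, threshold=5):
    """Internal sources that reached >= threshold distinct internal hosts on SMB ports."""
    targets = defaultdict(set)
    for src, dst, port in flows:
        try:
            east_west = is_internal(src) and is_internal(dst)
        except ValueError:
            continue  # unparseable address, ignore the record
        if east_west and port in SMB_PORTS:
            targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= threshold}

if __name__ == "__main__":
    for src, dsts in find_smb_fanout(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src} contacted {len(dsts)} internal hosts on SMB ports: {dsts}")
```

Repeated connections to a single file server do not trip the check because it counts distinct destinations, not connections.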